hostnames resolving problem

Clemens Fischer ino-qc at spotteswoode.de.eu.org
Sun Aug 24 05:11:17 PDT 2003


* Marcin Gryszkalis:

> On 2003-08-23 05:11, Kelly Yancey wrote:
>>   The name resolution feature is already questionable: if the DNS
>> mapping changes, should the firewall rule somehow be magically
>> updated?

i agree.

> I understand the point of view that it's questionable, but - as it
> *is* implemented, it's just inconsistent. Relation between hosts and
> ips is treated as 1-to-1 where it's 1-to-many.

> But that's just my opinion - that command interface is inconsistent.

... and with e.g. HTTP hosts the relation can also be many-to-1.  with
the general case being many-to-many, i'd vote for an update to the
manual page stating the "deficiency", especially with your nice
workaround:

> ip=`host smtp.o2.pl | cut -f4 -d' ' | paste -s -d, -`
> ${ipfw} add tcp from any to ${ip} setup

  clemens
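
Added example, not part of the original message or of ipfw: the quoted workaround takes the fourth field of every `host` output line, so alias, IPv6 and MX lines would put words such as "alias" or "handled" into the address list. The sketch below keeps only validated IPv4 "has address" lines and fails when none are found; the function name and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `host` output (documentation names and addresses only).
SAMPLE_HOST_OUTPUT='mail.example.test is an alias for mx.example.test.
mx.example.test has address 192.0.2.10
mx.example.test has address 192.0.2.11
mx.example.test has address 192.0.2.10
mx.example.test has IPv6 address 2001:db8::10
mx.example.test mail is handled by 10 relay.example.test.'

# Hypothetical helper: reads `host` output on stdin and prints the unique,
# syntactically valid IPv4 addresses joined by commas.
# Exits non-zero when no address was found, so the caller can refuse to add
# a rule with an empty or bogus destination.
host_output_to_ipv4_list() {
    awk '
        # Only "NAME has address A.B.C.D" lines carry an A record.
        NF == 4 && $2 == "has" && $3 == "address" {
            n = split($4, octet, ".")
            ok = (n == 4)
            for (i = 1; i <= 4 && ok; i++)
                if ((octet[i] !~ /^[0-9]+$/) || (octet[i] + 0 > 255))
                    ok = 0
            # Skip duplicates so the rule does not repeat an address.
            if (ok && !seen[$4]++)
                list = list (list == "" ? "" : ",") $4
        }
        END {
            if (list == "") exit 1
            print list
        }
    '
}

# Demonstration on the constructed sample; prints 192.0.2.10,192.0.2.11
printf '%s\n' "$SAMPLE_HOST_OUTPUT" | host_output_to_ipv4_list

# Live use would replace the pipeline from the post, for example:
#   ip=$(host smtp.o2.pl | host_output_to_ipv4_list) || exit 1
```

The list is still a snapshot taken when the script runs, so the rule does not follow later DNS changes, which is the limitation discussed in the thread.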


More information about the freebsd-ipfw mailing list